Why are data breach costs rising in the U.S. while falling everywhere else?:
Increased regulations can take part of the blame, but what are the other factors — and how can you protect your organization?


Marking the publication’s twentieth year, IBM and The Ponemon Institute released their annual Cost of a Data Breach Report last month. This year’s findings were based on interviews with 3,470 security and business leaders across 600 global organizations, who all had one thing in common: they’d been breached.

The analysis examined data breaches that occurred between March 2024 and February 2025, focusing on cases where the number of records lost ranged from about 3,000 to 114,000, leaving out extremely small or unusually massive breach incidents. While the report covered many timely topics, including AI governance gaps and a growing trend for ransomware victims not to pay their attackers, two statistics offered a glimpse into a geographic data breach dichotomy.

The global average cost of a data breach decreased for the first time in five years, down 9% to $4.4M, while the U.S. average cost surged 9% to an all-time high of $10.22M.

If most of the world benefited from faster breach containment enabled by AI-powered defenses this year, and the U.S. is dedicated to AI innovation, why didn’t the U.S. see its data breach costs go down, too? Can higher regulatory fines really take all the blame?

Five factors contributing to high data breach costs in the U.S. — and how to mitigate them

A handful of underlying factors may help explain why breach costs remain disproportionately high in the U.S., despite global improvements in containment and response.

1. Complex breach investigation costs

Organizations in the U.S. can expect to dig deeper into their infrastructure and their pockets after a data breach, partly due to the advanced and diverse business environments American organizations operate within. Put simply, it takes longer to find the source of the breach when organizations have complex data storage configurations spread across multiple locations and cloud environments. For organizations in other parts of the world, where simpler IT infrastructures are the norm, the time and costs associated with breach investigation could be significantly less.

SHI understands the burden security analysts bear in keeping their organizations protected.

With deep expertise in security orchestration, automation, and response (SOAR) frameworks, we utilize this dynamic cybersecurity approach to help your organization address evolving threats.

SOAR frameworks help organizations:

  • improve incident response time.
  • reduce the likelihood of a breach.
  • lower the burden on your in-house security analysts.

We’ll help you unburden your security operations center (SOC) professionals by automating tasks and managing alert fatigue, so they can be reallocated to work that adds more value to your organization.

2. Customer notification requirements

Bad news travels fast for customers of organizations affected by a data breach, and by law, it has to. Organizations in the U.S. are legally obligated to notify affected people after their personally identifiable information (PII) has been breached. The notification process can involve data mapping, classification, and major communication campaigns via direct mail and other media. Coming clean about the data breach doesn’t always yield goodwill either. Even if an organization apologizes and offers identity theft protection and remediation services to affected customers, the damage to customer trust may be too significant. Because of this, customer loss after breach notification can’t be overlooked within the data breach costs tally sheet.

Stratascale understands the importance of accelerating recovery time after a cyber event.

Our cybersecurity resilience program helps organizations enact safeguards that embrace an attacker’s mindset to close security gaps.

As a part of the program, you’ll gain:

  • priority access to battle-tested incident response (IR) teams.
  • support for tabletop exercises to prepare staff in the event of an incident.
  • 24/7 expert availability for rapid containment and recovery.

We’ll help you develop effective responses to minimize the impact of incidents, maintain business continuity, build long-term cyber resilience, and confidently navigate an evolving threat landscape.

3. Cost of providing remediation services

If the customer relationship remains intact after the data breach notification, organizations will be reminded of the price of keeping it as they offer identity theft protection and credit monitoring for up to 12 months. Though impacted organizations will certainly negotiate a contracted rate from consumer security providers, monthly retail prices for individuals still range from $7.99 to $24.99, equivalent to a monthly premium Netflix account. These costs can add up, especially when massive data breaches occur at multi-national organizations and span millions of customer records.

SHI understands you can’t afford to lose your client base after a data breach event.

Our first critical step in helping organizations protect themselves from the threats of today and tomorrow starts with understanding your specific vulnerabilities. To do this, we offer free security posture reviews, including:

  • a technical analysis of your organization’s infrastructure vulnerabilities.
  • business-oriented recommendations to improve your organization’s security in the short term and long term.

We’ll help you take the first step in identifying security gaps in your organization and make a plan for future improvements.

4. Legal expenses

It’s no surprise that when data spills, lawyers bill. Legal fees, settlement payouts, and potential increases to insurance premiums all add up for breached organizations. AT&T announced this week that it has agreed to a $177 million settlement with customers related to two significant data breaches over the last few years. As a result, millions of eligible customers can now file a claim to receive up to $7,500. A settlement of this size is not arrived at lightly, and the topic of cybersecurity governance and industry risks was unsurprisingly outlined in the organization’s 2024 annual report, released earlier this year.

SHI understands investing in cyber insurance is no small task, especially for small businesses.

While we do not directly offer cyber insurance, we work with leading cybersecurity partners that service many prerequisites organizations need before securing cyber insurance.

These cybersecurity vendors provide a variety of cyber support services, including:

  • multifactor authentication (MFA).
  • endpoint detection and response (EDR).
  • encryption.
  • vulnerability management.

We’ll help you select, deploy, and manage the right cybersecurity tools and strategy for your organization, with our hallmark vendor-neutral approach.

5. Strict regulations and fines

Perhaps the most apparent source of high data breach costs for American organizations is federal and state compliance regulation. The U.S. has a complex regulatory landscape at the national level (Federal Trade Commission – FTC), at the state level (California Consumer Privacy Act – CCPA), and even by industry type (Health Insurance Portability and Accountability Act – HIPAA). These entities set standards that organizations must uphold regarding data security and privacy practices, making compliance with these standards a much cheaper option than paying the hefty penalties and fines associated with non-compliance.

Stratascale understands the key role compliance with regulations plays in an organization’s cybersecurity posture.

Our governance, risk, and compliance services help organizations align with technological frameworks like:

  • National Institute of Standards and Technology (NIST).
  • International Organization for Standardization (ISO).
  • Cybersecurity Maturity Model Certification (CMMC).

Regulators and regulations such as the U.S. Securities and Exchange Commission (SEC), General Data Protection Regulation (GDPR), FTC, CCPA, HIPAA, and others often reference these frameworks when assessing compliance.

We’ll help you avoid problems associated with non-compliance, such as hefty fines, legal action, and the loss of business licenses.

Location doesn’t have to limit cybersecurity readiness

So, what’s the silver lining in geographically disparate data breach costs? Organizations can still prioritize resilient cybersecurity measures, regardless of location. While the U.S. currently faces higher data breach costs due to a complex mix of regulatory, legal, and operational factors, this landscape is not fixed. It’s possible the cost gap may narrow as global infrastructures evolve and international regulations mature and strengthen. The encouraging news regarding data breaches is that no organization has to sit by waiting for a crisis to strike. No matter where you’re located, prioritizing organizational data security and safeguarding your enterprise information against cyber threats is never a wasted investment.

Holistic cybersecurity solutions from SHI and Stratascale

As vendor-neutral allies, we help organizations build end-to-end cybersecurity strategies that strengthen protection at every layer of the business. In addition to helping you with data breach protection actions like SOAR framework services, cybersecurity resilience, security posture reviews, navigating cybersecurity vendors, and governance and compliance services, we can’t leave out one crucial way we can help you protect your organization against data breaches: our AI & Cyber Labs. This environment allows you to conduct hands-on security drills and threat simulations to assess and strengthen your organization’s defenses in a safe, controlled setting. Here, you can test, build, and deploy cybersecurity solutions without posing a risk to your information or your infrastructure.

When you’re ready to reduce your risk of becoming a data breach statistic in 2026, contact us and let’s solve what’s next.

Want more insight on this report from our experts?

Listen to our podcast, the Research Breakdown, where we dig into this topic further: